Abstract: In embodiments of the present invention improved capabilities are described for providing protected computer communications. The present invention may provide for computer communications where in response to a receipt of a communication at a first computing facility from a second computing facility, the first computing facility may be caused to send a request to a compliance center for security compliance information relating to the second computing facility. In response to the request for security compliance information, the first computing facility may receive compliance information related to the second computing facility, which may cause the first computing facility to perform an action regulating further communications from the second computing facility if the second computing facility security compliance information indicates that the second client computing facility is not compliant with a current security policy.

Abstract: In embodiments of the present invention, improved capabilities are described for a method presenting a client, providing client information and requesting an IP address from a DHCP server, where the DHCP server may formulate a first IP assignment and a first multiple DHCP options. A policy management facility may be associated with the interception of the first IP assignment and the first multiple DHCP options, which may result in the first IP assignment and the first multiple DHCP options not being sent to the client. The method may send client information to the policy management facility. The policy management facility may formulate a second multiple DHCP options and may send it to the DHCP server. The DHCP server may change first IP assignment and first multiple DHCP option to a second IP assignment and the second multiple DHCP options. The second IP assignment and the second multiple DHCP options may then be forwarded to the client.

Abstract: In embodiments of the present invention improved capabilities are described for an extensible, file-based, security system that may be used for recording, analyzing, storing, updating and evaluating metadata, such as file reputation metadata, in order to determine an appropriate access control or security control measure to implement in association with a file. In response to the generation of a file from a software program, metadata that defines access, security, and compliance reporting parameters of the generated file may be created that conform to and/or implement a corporate policy. The metadata may be used to control the access, security, and/or compliance reporting settings of the file and to require that only an approved method of using the file, or any of the file's contents, is used, and that the method and use of the file is in accord with the access, security, and/or compliance reporting parameter definitions in the metadata which embody the corporate policy.

Abstract: In embodiments of the present invention, improved capabilities are described for a method presenting a client, providing client information and requesting an IP address from a DHCP server, where the DHCP server may formulate a first IP assignment and a first multiple DHCP options. A policy management facility may be associated with the interception of the first IP assignment and the first multiple DHCP options, which may result in the first IP assignment and the first multiple DHCP options not being sent to the client. The method may send client information to the policy management facility. The policy management facility may formulate a second multiple DHCP options and may send it to the DHCP server. The DHCP server may change first IP assignment and first multiple DHCP option to a second IP assignment and the second multiple DHCP options. The second IP assignment and the second multiple DHCP options may then be forwarded to the client.

Abstract: In embodiments of the present invention, improved capabilities are described for a method presenting a client, providing client information and requesting an IP address from a DHCP server, where the DHCP server may formulate a first IP assignment and a first multiple DHCP options. A policy management facility may be associated with the interception of the first IP assignment and the first multiple DHCP options, which may result in the first IP assignment and the first multiple DHCP options not being sent to the client. The method may send client information to the policy management facility. The policy management facility may formulate a second multiple DHCP options and may send it to the DHCP server. The DHCP server may change first IP assignment and first multiple DHCP option to a second IP assignment and the second multiple DHCP options. The second IP assignment and the second multiple DHCP options may then be forwarded to the client.

Abstract: In embodiments of the present invention improved capabilities are described for automated recovery from a security event. Automated recovery includes detecting a security event, using metadata to select a target backup for recovery, bringing the recovered environment online in a quarantine mode, initiating automated recovery of the environment, and running at least one of a generic remediation process and a specific remediation process in the quarantine mode prior to releasing the environment from quarantine mode. Related user interfaces, applications, and computer program products are disclosed.

Abstract: In embodiments of the present invention improved capabilities are described for providing protected computer communications. The present invention may provide for computer communications where in response to a receipt of a communication at a first computing facility from a second computing facility, the first computing facility may be caused to send a request to a compliance center for security compliance information relating to the second computing facility. In response to the request for security compliance information, the first computing facility may receive compliance information related to the second computing facility, which may cause the first computing facility to perform an action regulating further communications from the second computing facility if the second computing facility security compliance information indicates that the second client computing facility is not compliant with a current security policy.

Abstract: In embodiments of the present invention improved capabilities are described for the computer program product steps of serving a limited network connection to an endpoint computing facility via network device access control lists, where the limited network connection may enable the endpoint to communicate with a limited set of network resources; assessing security compliance information relating to the endpoint to determine a security state; and in response to receiving an indication that the security compliance information is acceptable, serving a managed network connection to the endpoint, where the managed connection may enable the endpoint to communicate with a larger set of network resources than the limited network connection.